Phishing

SecurityIQ, AwareEd, and PhishSim User’s Manual, Pt. 7: Account Settings

Infosec
October 18, 2016 by
Infosec

See Infosec IQ in action

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

Objectives

Once you have completed this section, you will be able to:

  • Apply custom branding to your SecurityIQ portal
  • Set the default education asset used in PhishSim Templates
  • Add custom domains to be used for sending PhishSim notifications
  • Enable the suppression of footers in PhishSim emails (Enterprise version only)
  • Customize PhishNotify Plugin messages
  • Select the default domain used for sending AwareEd learner notifications
  • Add additional administrators to your SecurityIQ portal
  • Download email logs

Overview

The account settings of your SecurityIQ platform allow you to control multiple areas of your platform.

To get started navigate to Account Settings under the Gear icon.

Updating User Information

This section allows you to change your customer name and email. You can also set the timezone of your choosing.

 

Branding

You can change the branding that appears in AwareAD Module, AwareED Notification, Mandatory Policy, And PhishSim Landing pages. You can change the branding to your organization's branding.

Requirements:

  1. File must be JPG or PNG.
  2. File must be no smaller than 420x420 or larger than 1280x1280.

Adding branding:

  1. Click the Change Branding Button.
  2. Name your branding.
  3. Choose a background color.
  4. Choose your desired logo from file.
  5. If you wish you can preview your branding.
  6. Click the Add Branding Option button.

Change the Branding:

  1. Select the branding you desire from the drop-down menu.
  2. Click the Save button.

Delete Saved Branding:

  1. In your Saved Brands, you will see your saved brandings.
  2. Click the delete icon next to the branding you wish to delete.

PhishSim Settings

The PhishSim setting allows you to change the default education, add your organization's domain, and add a fast click threshold.



Change the Default Education:

The default education is the educational asset that a learner will see after they have been phished in a PhishSim campaign. When creating /editing PhishSim templates you can select the education your learner receives. By default, Default Education is selected.  

  1. Click the gear icon next to Default Education.
  2. Select the Education that you wish to be the default and click the Save button.

Add your Organization's Domain

It is good practice to add the domain/s that your SecurityIQ platform will be sending emails to. This is also where you can suppress the footer.

  1. Click the gear icon next to My Domains.
  2. Enter the domain/s  that you wish to add.
  3. If you would like to suppress the footer check the checkbox.
    • The footer is text at the bottom of a simulated phishing email. The text indicates that the email is a simulation and comes from SecurityIQ.
  4. Click the Save button.

 

Enable Fast Click Threshold

If you set a Fast Click Threshold to a number between 1 and 10 we will not mark a Learner's phishing email as Phished if it was triggered within that many seconds of being sent. Use zero (the default) to disable this feature.

  1. Click the Gear icon next to Fast Click Threshold.
  2. Set a value between 1 and 10.
  3. Click the Save button.

PhishNotify Plugin Settings

For complete instructions please see the Official PhishNotfy Instruction.

AwareEd Settings

You can change the domain that AwareED notification are sent from.

  1. Click the Gear icon next to Send Notifications from.
  2. Add your desired domain.
  3. Click the Save button.

Add Additional Administrators

This section allows you to add or remove SecurityIQ administrators.

  1. To add an administrator click the New Administrator button
  2. Enter the email for the administrator you wish to add. Have the new administrator check their email and follow the instructions.
  3. You can delete administrators click the delete icon next to their names.

Report Recipients

Adding a Report Recipient will allow you to send Reports and Analytics to emails that you have specified. After adding a Report Recipient their email will be available to send automated  weekly reports when you create Reports or Analytics.

  1. To add a Report Recipient click the New Recipient button.
  2. Enter the recipient's email and click the Add button.
  3. You can delete a recipient by clicking the delete icon next to their email.

Two-Factor Authentication

You can enable two-factor authentication to further secure your SecurityIQ platform. You can do this through SMS messages or the Authy application. Fore more on the Authy application visit: https://authy.com/.

  1. Click the Enable 2 Factor Auth button.
  2. Confirm your SecurityIQ password.
  3. Read the details and click the Continue button.
  4. Enter your phone number and click Continue button.

Download Email Logs

You can download a log of all emails sent from your SecurityIQ platform in the last seven days.

  1. Click the Download Log button a CSV download will start.


Learner Grading

Learner grades enable you to get a quick overview of the performance learners. You can sort learners into groups or make Analytic reports based on learner grades. You can control how learners are graded.

  1. Click the Configure Learner Grading button.
  2. Adjust the sliders for the learner events you wish to adjust. Adjusting it towards the negative will make the action decrease the learner’s grade. Adjusting towards the positive will make the action increase the learner’s grade.
  3. If you would like to revert back to default values click the Revert to Default button.
  4. Save any changes by clicking the Save button.

 

Email Stack

This section of account settings will go over the email stack that is currently being used to send PhishSim/AwareEd emails.  Here you will be able to find a list of all: IP addresses, domains and email headers to whitelist within all of your firewalls, security appliances, and any spam filters.  Please note that if you select a different option from the drop down and save, that SecurityIQ will then use the displayed IP addresses, domains and email headers for all future emails. If proper whitelisting has not been accomplished, it is possible that the delivery of emails may not be successful.  

 

 

Supplementary

Email Template Variables

 

Variable Description Subject Email Body

http://phish.io (or any URL) in a hyperlink All URLs used in hyperlinks (i.e., in an “<a href=’...’>” clause) will automatically be replaced by a “phish.io” link that allows the system to track your learners’ clicks and present them with a specific landing pages. (Some paid tiers of service allow you to customize these landing pages further.) Hyperlinks are only supported in the BODY of a message. No Yes

{{footer}} Provides a block of text that explains that this email is not spam, that it is a service of our system and that you specifically requested the test. Also provided in the text are links to report this message as phishing, unsubscribe and “report as spam”. This block of text looks similar to other legal “boilerplate” often appended to email messages by corporate email servers and usually ignored by end users. However, it is REQUIRED on all messages, both to keep our system legal, and to give eagle-eyed recipients a way to positively tell the system that they recognized your phishing message and were not fooled. This variable is only supported in the BODY of a message. No Yes

{{learner}} Provides the first and last name of the learner with a space in between the names. Example: “John Smith”. Note: this value may be blank if this value was not configured. This variable is supported in all message fields. Yes Yes

{{learner_first}} Provides the first and last name of the learner. Example: “John”. Note: this value may be blank if this value was not configured. This variable is supported in all message fields. Yes Yes

{{learner_last}} Provides the first and last name of the learner. Example: “Smith”. Note: this value may be blank if this value was not configured. This variable is supported in all message fields. Yes Yes

{{learner_email}} Provides the email address of the learner. Example: “jsmith@email.com”. This variable is supported in all message fields. Yes Yes

{{learner_title}} Provides the title of the learner. This variable is supported in all message fields. Yes Yes

{{learner_department}} Provides the department of the learner. This variable is supported in all message fields. Yes Yes

{{learner_phone}} Provides the phone number of the learner. This variable is supported in all message fields. Yes Yes

{{learner_address1}} Provides the address of the learner. This variable is supported in all message fields. Yes Yes

{{learner_address2}} Provides the address of the learner. This variable is supported in all message fields. Yes Yes

{{learner_city}} Provides the city of the learner. This variable is supported in all message fields. Yes Yes

{{learner_state}} Provides the state of the learner. This variable is supported in all message fields. Yes Yes

{{learner_zip}} Provides the zip code of the learner. This variable is supported in all message fields. Yes Yes

{{learner_country}} Provides the country of the learner. This variable is supported in all message fields. Yes Yes

{{learner_custom}} Provides the custom field of the learner. This variable is supported in all message fields. Yes Yes

{{customer}} Provides the name of your account (not the learner). Yes Yes

{{customer_email}} Provides the email associated with your account (not the learner). Yes Yes

 

 

PhishSim Education Template Variables

Variable Description

{{campaign}} Provides the name of the campaign. Example: “Customer Reps Training”.

{{learner}} Provides the first and last name of the learner with a space in between the names. Example: “John Smith”. Note: this value may be blank if this value was not configured. This variable is supported in all message fields.

{{learner_first}} Provides the first and last name of the learner. Example: “John”. Note: this value may be blank if this value was not configured. This variable is supported in all message fields.

{{learner_last}} Provides the first and last name of the learner. Example: “Smith”. Note: this value may be blank if this value was not configured. This variable is supported in all message fields.

{{learner_email}} Provides the email address of the learner. Example: “jsmith@email.com”. This variable is supported in all message fields.

{{learner_title}} Provides the title of the learner. This variable is supported in all message fields.

{{learner_department}} Provides the department of the learner. This variable is supported in all message fields.

{{learner_phone}} Provides the phone number of the learner. This variable is supported in all message fields.

{{learner_address1}} Provides the address of the learner. This variable is supported in all message fields.

{{learner_address2}} Provides the address of the learner. This variable is supported in all message fields.

{{learner_city}} Provides the city of the learner. This variable is supported in all message fields.

{{learner_state}} Provides the state of the learner. This variable is supported in all message fields.

{{learner_zip}} Provides the zip code of the learner. This variable is supported in all message fields.

{{learner_country}} Provides the country of the learner. This variable is supported in all message fields.

{{learner_custom}} Provides the custom field of the learner. This variable is supported in all message fields.

{{customer}} Provides the name of your account (not the learner).

{{customer_email}} Provides the email associated with your account (not the learner).

{{education_asset}} Provides an Education Asset. Place the variable in your custom content then select an Education Asset for the variable.

 

 

Training Notification Variables

The following variables may be used in AwareEd notification messages.

Variable Description Subject Email Body

{{training_link}} Provides a link to a page where the learner may take his/her training and view his/her progress against the entire course. This variable is REQUIRED in Enrollment and Reminder notifications. Note that links are uniquely generated for each learner and cannot be shared between learners. No Yes

{{days_since_start}} Provides the number of days since the campaign started. Example: “13”. No Yes

{{days_until_end}} Provides the number of days until the campaign ends. Example: “10”. No Yes

{{campaign}} Provides the name of the campaign. Example: “Customer Reps Training”. No Yes

{{course}} Provides the name of the course associated with the campaign. Example: “Popular Modules” No Yes

{{module_count}} Provides the number of modules in the course associated with the campaign. Example: “4” No Yes

{{learner}} Provides the first and last name of the learner with a space in between the names. Example: “John Smith”. Note: this value may be blank if this value was not configured. This variable is supported in all message fields. Yes

{{learner_first}} Provides the first and last name of the learner. Example: “John”. Note: this value may be blank if this value was not configured. This variable is supported in all message fields. Yes

{{learner_last}} Provides the first and last name of the learner. Example: “Smith”. Note: this value may be blank if this value was not configured. This variable is supported in all message fields. Yes

{{learner_email}} Provides the email address of the learner. Example: “jsmith@email.com”. This variable is supported in all message fields. Yes

{{learner_title}} Provides the title of the learner. This variable is supported in all message fields. Yes

{{learner_department}} Provides the department of the learner. This variable is supported in all message fields. Yes

{{learner_phone}} Provides the phone number of the learner. This variable is supported in all message fields. Yes

{{learner_address1}} Provides the address of the learner. This variable is supported in all message fields. Yes

{{learner_address2}} Provides the address of the learner. This variable is supported in all message fields. Yes

{{learner_city}} Provides the city of the learner. This variable is supported in all message fields. Yes

{{learner_state}} Provides the state of the learner. This variable is supported in all message fields. Yes

{{learner_zip}} Provides the zip code of the learner. This variable is supported in all message fields. Yes

{{learner_country}} Provides the country of the learner. This variable is supported in all message fields. Yes

{{learner_custom}} Provides the custom field of the learner. This variable is supported in all message fields. Yes

{{customer}} Provides the name of your account (not the learner). Yes

{{customer_email}} Provides the email associated with your account (not the learner). Yes

 

Sample Enrollment Email

Hello {{learner}} ({{learner_email}}),

You have been enrolled in computer-based Security Awareness Training!

To access your training, please follow this link: {{training_link}} Note that NO username and password is required. The course you are taking is called “{{course}}”, is being directed at “{{campaign}}”, and includes {{module_count}} interactive training modules. You have {{days_until_end}} to complete your training and you will be reminded to complete it every few days. For the best possible experience, you should plan on taking your training at a computer with audio, but closed captions are also provided if audio is not an option.

Thank you!

 

Sample Reminder to Start Notification

Hello {{learner}} ({{learner_email}}),

It’s time to start your computer-based Security Awareness Training! To begin your training, follow this link: {{training_link}}

(You have {{days_until_end}} to complete your training. For the best possible experience, you should plan on taking your training at a computer with audio, but closed captions are also provided if audio is not an option.)

 

Sample Reminder to Finish

Hello {{learner}} ({{learner_email}}),

This is just a reminder to complete your computer-based Security Awareness Training! To complete your training, follow this link: {{training_link}}

(You have {{days_until_end}} to complete your training. For the best possible experience, you should plan on taking your training at a computer with audio, but closed captions are also provided if audio is not an option.)

 

Sample Completion Notification

Congratulations {{learner}} ({{learner_email}})!

You have successfully completed your computer-based Security Awareness Training!

For your information, it took you {{days_since_start}} to complete all {{module_count}} modules in the “{{course}}” training course.

Please save or print a copy of this email for your records.

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

 

 

Infosec
Infosec